Security on the Internet has always been a popular subject, especially now. Many companies invest heavily in different models to increase it, while other people see that as a challenge to break it. So each time a cyber-attack happens, we are all surprised but at the same time not surprised, because ‘it is normal in the cyber world.’ However, hackers still surprise us with the innovative methods they use. One of the latest news items in this field is the LockBit ransomware (a RaaS, or ransomware-as-a-service, operation), which has attacked different organizations globally, in Taiwan, Chile, Italy, and the UK. These attacks use version 2.0 of the malware.
In these new attacks, devices across Windows domains are encrypted automatically. Furthermore, the LockBit gang abuses Active Directory group policies, and the group claims that this is one of the fastest ransomware models today. Besides this, they try to recruit employees of the attacked companies by changing the wallpaper on their computers into an advertisement that explains how to become part of an affiliate program and earn millions of dollars in exchange for protected information about the company. Knowing about these creative attacks, cyber security and caution must become our priority!
When the affiliates decide to click the advertisement served by LockBit, that is the moment the actual intrusion happens, usually via the Remote Desktop Protocol (RDP). They also use the StealBit trojan to gain access and exfiltrate data. Scanners identify target domain controllers, and some crucial processes, such as MySQL, Microsoft Exchange and QuickBooks, become unavailable. Many other services stop working as well.
Once control of the domain is lost, the attackers write new group policies and push them to every device on the network. Windows Defender is then disabled, and the ransomware is distributed to every Windows machine. Each file a victim tries to open shows a warning explaining how to pay the ransom in order to open it. The victim's wallpaper is also changed to show instructions for paying the ransom to get the system back.
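The sequence described above (new group policies written on the domain, then Windows Defender disabled on many machines) leaves a trail in event logs that can be correlated. The following is an added example, not part of the original article, that flags this pattern over constructed sample events. It assumes Directory Service Changes auditing is enabled and logs are collected centrally; the tuple schema and host names are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified export format (hypothetical schema):
# (timestamp, host, log channel, event ID, detail)
SAMPLE_EVENTS = [
    ("2021-08-10T01:55:00", "WS-007", "Defender", 5001, "Real-time protection is disabled"),
    ("2021-08-10T02:10:05", "DC01", "Security", 5136, "class=groupPolicyContainer"),
    ("2021-08-10T02:12:30", "WS-101", "Defender", 5001, "Real-time protection is disabled"),
    ("2021-08-10T02:13:10", "WS-102", "Defender", 5001, "Real-time protection is disabled"),
    ("2021-08-10T02:13:15", "WS-102", "Defender", 5001, "Real-time protection is disabled"),
    ("2021-08-10T02:19:44", "SRV-SQL", "Defender", 5001, "Real-time protection is disabled"),
    ("2021-08-10T09:00:00", "DC01", "Security", 5136, "class=groupPolicyContainer"),
    ("2021-08-10T09:05:00", "WS-300", "Defender", 5001, "Real-time protection is disabled"),
]

def is_gpo_change(ev):
    # Security event 5136 = "A directory service object was modified";
    # keep only modifications of Group Policy objects.
    return ev[2] == "Security" and ev[3] == 5136 and "groupPolicyContainer" in ev[4]

def is_defender_off(ev):
    # Windows Defender event 5001 = real-time protection disabled.
    return ev[2] == "Defender" and ev[3] == 5001

def correlate(events, window_minutes=30, min_hosts=3):
    """Return one alert per GPO change that is followed, within the window,
    by Defender being disabled on at least `min_hosts` distinct machines."""
    parsed = sorted((datetime.fromisoformat(e[0]),) + tuple(e[1:]) for e in events)
    alerts = []
    for ev in parsed:
        if not is_gpo_change(ev):
            continue
        start, end = ev[0], ev[0] + timedelta(minutes=window_minutes)
        # Count distinct hosts so repeated events from one machine do not inflate the total.
        hosts = {e[1] for e in parsed if is_defender_off(e) and start <= e[0] <= end}
        if len(hosts) >= min_hosts:
            alerts.append({"gpo_time": start.isoformat(), "dc": ev[1], "hosts": sorted(hosts)})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

A single machine turning Defender off, or a disable that precedes the policy change, does not raise an alert; the window and host threshold are tuning values to adapt to the environment.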
How to Protect Yourself?
On the Internet, we all must be very cautious, including massive companies and organizations. Some steps can help provide better security: strong passwords, multi-factor authentication, removing unused and old user accounts, system configurations that follow all security procedures, and practising system backups.
It is crucial to know that if your organization has already been infected by the LockBit ransomware, it is not enough just to remove it from your system; doing so will not give you access to your files. To unlock the whole system, you will have to find an encryption key. In the end, there is also one important question: if the organization is attacked and infected by the LockBit gang, should it pay the ransom or not? Maybe the best answer to this doubt is the statistics: 80% of organizations that decide to pay the ransom end up getting attacked again!